CVE-2018-11046

MEDIUM

Pivotal Operations Manager 2.0.14 and 2.1.x < 2.1.6 - Unpatched NGINX Vulnerabilities

Title source: llm
STIX 2.1

Description

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104545
Mitigation, Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2018-11046

Scores

CVSS v3 6.5
EPSS 0.0090
EPSS Percentile 55.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (2)
pivotal_software/operations_manager 2.0.14
pivotal_software/operations_manager 2.1.0 - 2.1.6
Published Jun 25, 2018
Tracked Since Feb 18, 2026